Apple has tapped security expert and author David Rice to be its director of global security, several sources have confirmed to me. He's expected to start at Apple in March.
Apple hasn't returned calls seeking comment.
There's no word yet about what precisely Rice's job will entail, and knowing secrecy-obsessed Apple, there likely won't be. But it's not hard to make a reasonable guess.
With iPhones and iPads penetrating the enterprise in ever more impressive numbers, companies want to know they're secure.
Late last year Apple started working with Unisys to help it sell Apple products to corporations and government agencies, all of which are concerned about the security implications of iPhones and iPads running on their networks.
Those who know Rice describe him as a deeply respected name in IT security circles who not only can speak the kind of language that makes CIOs comfortable, but can also back up that language with the skills and knowledge to match.
Rice hasn't yet responded to my messages seeking comment, but his bio is fascinating. He's a 1994 graduate of the U.S. Naval Academy and has a master's degree in Information Warfare and Systems Engineering from the Naval Postgraduate School. He served as a Global Network Vulnerability analyst for the National Security Agency and as a Special Duty Cryptologic officer for the Navy.
His LinkedIn profile says he's executive director of the Monterey Group, a cybersecurity consulting firm. He's also on the faculty of IANS, an information security research company.
He also works with the U.S. Cyber Consequences Unit, a nonprofit organization that researches the potential for cyberattacks and their impact. Before that he worked for the security firm Neohapsis.
His 2007 book, "Geekonomics," has been described as the software industry's equivalent of Ralph Nader's "Unsafe at Any Speed." In it he argues that software is modern infrastructure--just like a bridge (hence, the picture on the cover)--and if it's poorly made or insecure, it constitutes a public hazard.
Those who buy software--consumers, corporations, and governments--end up being "crash test dummies" for an industry with no accountability for losses incurred by their customers, he argues.
He goes on to peg the costs of patching faulty software at $180 billion a year, and says that's probably conservative. Patching software for security weaknesses takes capital that might be used for other, more productive, things.
His solution? Taxes. In a 2008 interview with Forbes, he compared security vulnerabilities in software to the unavoidable pollution emitted by factories. Since software can never be perfect, a "bug tax" keyed to the number and severity of software bugs discovered would create an incentive for better quality control.
Rice would be the latest in a string of high-profile security hires at Apple.
Last March, it hired Window Snyder, the former security chief at Mozilla, as its senior product manager for security, and in 2009 it hired Ivan Krstic, the former head of security for the One Laptop Per Child project, to work on core security for Mac OS X. Jon Callas, the former CTO of encryption software maker PGP, now a unit of Symantec, joined Apple last year.
Apple - USE TAG
reading•Apple taps Navy techie for global security head
Sep 25•iPhone XS drop test: This phone would not crack
Sep 24•How to use iOS 12 Screen Time and parental controls
Sep 24•How to use Stacks in MacOS Mojave
Sep 24•iOS 12: What you need to know about the iPhone's fun new Memoji feature